This Privacy Policy explains how Goalweaver ("we," "us," "our") handles personal information when you use our websites, applications, and related services (the "Service"). It is separate from our Terms of Service and separate from our Cookie Policy.
If you do not agree with this Policy, please do not use the Service.
We operate Goalweaver. We do not publish a postal address at this time.
Questions or privacy requests: contact us.
If you are in the EU/EEA/UK, you can use the same contact for data rights requests (see §10).
Account details: email, password (hashed), display name.
Content you submit ("Customer Content"): goals, tasks, notes, files, and prompts/messages you enter into AI features.
Support & feedback: emails or messages you send us.
Usage & device data: pages/screens viewed, feature usage, timestamps, referrer, IP address, device/browser type, crash/performance logs.
If you connect third-party tools, we receive only the data needed to provide that integration.
Please avoid uploading sensitive personal data unless necessary and lawful.
Provide the Service (account, core functionality, AI responses). (Legal basis: contract; legitimate interests)
Maintain & improve reliability, safety, and performance (debugging, analytics, quality). (Legitimate interests)
Security & abuse prevention. (Legitimate interests; legal obligations)
Service communications (e.g., changes to features or policies, support replies). (Contract; legitimate interests)
Legal compliance. (Legal obligations)
We do not sell personal information and we do not "share" it for cross-context behavioral advertising.
To power AI features, we send only what's necessary (your prompt and relevant context) to third-party AI service providers. We currently use OpenAI as our primary AI provider. We may integrate additional providers (such as Anthropic, Google, or similar services) in the future depending on the features you use.
We do not intentionally include identifying information in requests to AI providers unless you include it in your messages or files.
We do not control how AI providers process data on their systems. We currently use OpenAI - please review OpenAI's Terms of Use and Privacy Policy. If we add other AI providers, their respective policies will also apply.
If you don't want personal data processed by AI providers, don't include it in prompts or uploads.
Ownership note: You retain ownership of your inputs. To the extent permitted by law, you also own generated outputs related to your inputs; outputs may be similar to content generated for others.
We do not use Customer Content (prompts, files, outputs) to train models beyond providing the Service.
Processors/Service providers: e.g., AI providers (such as OpenAI, Anthropic, Google), cloud hosting, analytics, email/support, and payments—under contracts limiting their use to our instructions.
Legal/safety: to comply with law, enforce our terms, or protect rights and security.
Business transfers: in a merger, acquisition, or asset sale, data may transfer; we'll notify you where required.
We do not sell personal information.
We keep personal data only as long as needed to run the Service, for legitimate business needs (e.g., security, accounting), and to meet legal obligations. Examples:
Account data: while your account is active and a reasonable period after closure (e.g., 30–90 days).
Customer Content: while your account is active; deleted within a reasonable period after you remove it or close your account, subject to backups kept for limited durations.
Logs/analytics: retained for short to moderate periods for reliability and security.
We use reasonable administrative, technical, and physical safeguards to protect personal data. No system is 100% secure. You are responsible for keeping your credentials confidential.
We may process data in countries outside your own. Where required (e.g., EU/EEA/UK), we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) when transferring data to processors in third countries.
The Service is not directed to children under 13 (or 16 in some regions). We do not knowingly collect children's data. If you believe a child provided personal data, contact us to request deletion.
Depending on your location, you may have rights to access, rectify, delete, restrict, port, or object to certain processing.
Residents of certain U.S. states may have additional rights (e.g., access, correction, deletion, portability; opt-out of "sale"/"sharing"—not applicable here as we do not sell/share).
To make a request, contact us. We may need to verify your identity. Authorized agents can submit requests with proper authorization.
The Service may link to third-party sites or services. Their privacy practices are governed by their own policies.
We may update this Policy. If changes are material, we will notify you in the Service or by email and update the "Last Updated" date. Continued use after changes take effect means you accept the updated Policy.
Questions, requests, or complaints: contact us.
EU/EEA/UK users may also contact their local data protection authority.